diff --git a/core/modules/views_ui/src/Tests/PreviewTest.php b/core/modules/views_ui/src/Tests/PreviewTest.php index 95fba8c6ad0340f82d59ab9b32f3239fe320e532..c723cb3b7689a0965f510d0ce574b3ef0bfc8d27 100644 --- a/core/modules/views_ui/src/Tests/PreviewTest.php +++ b/core/modules/views_ui/src/Tests/PreviewTest.php @@ -114,6 +114,12 @@ public function testPreviewUI() { $settings->set('ui.show.sql_query.where', 'below')->save(); $this->drupalPostForm(NULL, $edit = ['view_args' => '100'], t('Update preview')); $this->assertTrue(strpos($this->getRawContent(), 'view-test-preview') < strpos($this->getRawContent(), 'views-query-info'), 'Statistics shown below the preview.'); + + // Test that the preview title isn't double escaped. + $this->drupalPostForm("admin/structure/views/nojs/display/test_preview/default/title", $edit = ['title' => 'Double & escaped'], t('Apply')); + $this->drupalPostForm(NULL, [], t('Update preview')); + $elements = $this->xpath('//div[@id="views-live-preview"]/div[contains(@class, views-query-info)]//td[text()=:text]', [':text' => t('Double & escaped')]); + $this->assertEqual(1, count($elements)); } /** diff --git a/core/modules/views_ui/src/ViewUI.php b/core/modules/views_ui/src/ViewUI.php index b6841a84bc6da859f7b1a91656777e858cb6bed3..2e7fabd62bf0c0413cdeda1ff53284043c61fe29 100644 --- a/core/modules/views_ui/src/ViewUI.php +++ b/core/modules/views_ui/src/ViewUI.php @@ -4,7 +4,6 @@ use Drupal\Component\Utility\Html; use Drupal\Component\Utility\Timer; -use Drupal\Component\Utility\Xss; use Drupal\Core\EventSubscriber\AjaxResponseSubscriber; use Drupal\Core\Form\FormStateInterface; use Drupal\views\Views; @@ -688,7 +687,11 @@ public function renderPreview($display_id, $args = []) { '#template' => "{% trans 'Title' %}", ], ], - Xss::filterAdmin($executable->getTitle()), + [ + 'data' => [ + '#markup' => $executable->getTitle(), + ], + ], ]; if (isset($path)) { // @todo Views should expect and store a leading /. See: